﻿<% @ Language=VBScript %>
<% Option Explicit %>

<!--#include file="includes/hash1way.asp" -->
<!--#include file="includes/database.asp" -->
<!--#include file="includes/global_varaiable.asp" -->

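<%

' Login check: looks up the posted username in NHANSU (joined to PHANQUYEN on
' Level), verifies that the account is active and that the password hash
' matches, then fills the Session and redirects with a client-side script.
' strSQL, rsCommon, adoCon, errorMsg and HashEncode are not declared in this
' file; presumably they come from the includes above - confirm.

Response.Buffer = True

' Keep the login response out of browser and proxy caches.
Response.Expires = -1
Response.ExpiresAbsolute = Now() - 2
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "No-Store"

Dim strUsername
Dim strPassword
Dim cmdLoginLookup	' ADODB.Command that carries the username as a bound parameter

' The username is capped at 20 characters and trimmed.
strUsername = Trim(Mid(Request.Form("username"), 1, 20))

' NOTE(review): the password is silently truncated to 15 characters and
' lower-cased before hashing, which shrinks the effective password space.
' Left unchanged because the stored hashes depend on this normalisation;
' lifting it needs a credential migration.
strPassword = LCase(Trim(Mid(Request.Form("password"), 1, 15)))

If strUsername <> "" AND Request.ServerVariables("REQUEST_METHOD") = "POST" Then

	' The username comes straight from the request, so it is bound as a
	' parameter instead of being concatenated into the SQL text.
	strSQL = "SELECT * FROM NHANSU a INNER JOIN PHANQUYEN b ON a.Level = b.Level WHERE Usr = ?"

	rsCommon.LockType = 3	' 3 = adLockOptimistic
	On Error Resume Next

	' Assumes adoCon is an open ADODB.Connection object - confirm in includes/database.asp.
	Set cmdLoginLookup = Server.CreateObject("ADODB.Command")
	Set cmdLoginLookup.ActiveConnection = adoCon
	cmdLoginLookup.CommandType = 1	' 1 = adCmdText
	cmdLoginLookup.CommandText = strSQL
	' 202 = adVarWChar, 1 = adParamInput, 20 = the length cap applied to strUsername above
	cmdLoginLookup.Parameters.Append cmdLoginLookup.CreateParameter("Usr", 202, 1, 20, strUsername)

	' The connection is taken from the command, so no second argument is passed.
	rsCommon.Open cmdLoginLookup

	' Err keeps the first failure raised since On Error Resume Next, so this
	' also covers a failure while building the command.
	If Err.Number <> 0 Then	Call errorMsg("An error has occurred while executing SQL query on database.", "loginUser()_get_USR_login", "login_check.asp")

	On Error goto 0

	' NOTE(review): the three failure branches below return different messages
	' (unknown user, inactive account, wrong password), which lets a caller
	' learn which usernames exist. Consider one generic failure message. No
	' attempt limiting or lockout is visible in this file either.
	If rsCommon.EOF Then

		' No row for this username.
		Response.Write(vbCrLf & "<script language=""JavaScript"">")
		Response.Write(vbCrLf & "alert('Tên đăng nhập không có trong hệ thống!\n\nVui lòng thử lại!');")
		Response.Write(vbCrLf & "window.location = 'login.asp'")
		Response.Write(vbCrLf & "</script>")

	Else

		If rsCommon("Active") = false then

			' The account exists but is not activated.
			Response.Write(vbCrLf & "<script language=""JavaScript"">")
			Response.Write(vbCrLf & "alert('Tài khoản của bạn hiện không được kích hoạt!\n\nVui lòng liên hệ với người quản trị hệ thống!');")
			Response.Write(vbCrLf & "window.location = 'login.asp'")
			Response.Write(vbCrLf & "</script>")

		Else

			' Hash the submitted password so it can be compared with the stored value.
			' NOTE(review): HashEncode is not defined in this file; confirm that it
			' is a salted, deliberately slow password hash.
			strPassword = HashEncode(strPassword)

			If strPassword = rsCommon("Pwd") then
				' Successful login: copy the identity and permission columns into the session.
				Session("StaffUsername") = strUsername
				Session("login") = "login"
				Session("StaffID") = rsCommon("StaffID")
				Session("StaffFullName") = rsCommon("FullName")
				Session("Level") = rsCommon("Level")
				Session("AdminAccess") = rsCommon("AdminAccess")
				Session("ChucDanh") = rsCommon("LevelName")

				Response.Write(vbCrLf & "<script language=""JavaScript"">")
				Response.Write(vbCrLf & "window.location = 'default.asp'")
				Response.Write(vbCrLf & "</script>")
			Else
				' Wrong password: blank every login-related session value.
				Session("StaffUsername") = ""
				Session("login") = ""
				Session("StaffID") = ""
				Session("StaffFullName") = ""
				Session("Level") = ""
				Session("AdminAccess") = ""
				Session("ChucDanh") = ""

				Response.Write(vbCrLf & "<script language=""JavaScript"">")
				Response.Write(vbCrLf & "alert('Sai mật khẩu!\n\nVui lòng thử lại!');")
				Response.Write(vbCrLf & "window.location = 'login.asp'")
				Response.Write(vbCrLf & "</script>")
			End If
		End If

	End If

	' Release the recordset and the command once the outcome has been written.
	If rsCommon.State <> 0 Then rsCommon.Close	' 0 = adStateClosed
	Set cmdLoginLookup = Nothing

End If

%>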